Diffstat (limited to 'backend/node') (more/less context) (ignore whitespace changes)
-rw-r--r--backend/node/src/clipperz.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js
index 6bf56bb..c6d776a 100644
--- a/backend/node/src/clipperz.js
+++ b/backend/node/src/clipperz.js
@@ -128,65 +128,65 @@ var CLIPPERZ = module.exports = function(CONFIG) {
128 +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref", 128 +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref",
129 [ req.session.otp, req.session.u ], 129 [ req.session.otp, req.session.u ],
130 function(e,r) { 130 function(e,r) {
131 if(e) return cb(e); 131 if(e) return cb(e);
132 if(!r.rowCount) return cb(new Error('no OTP found')); 132 if(!r.rowCount) return cb(new Error('no OTP found'));
133 r=r.rows[0]; 133 r=r.rows[0];
134 if(!r.yes) return cb(new Error('OTP is in a sorry state')); 134 if(!r.yes) return cb(new Error('OTP is in a sorry state'));
135 cb(null,{ref:r.otp_ref}); 135 cb(null,{ref:r.otp_ref});
136 }); 136 });
137 }] 137 }]
138 },function(e,r) { 138 },function(e,r) {
139 if(e) return cb(e); 139 if(e) return cb(e);
140 req.session.C = ppp.C; req.session.A = ppp.A; 140 req.session.C = ppp.C; req.session.A = ppp.A;
141 req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v; 141 req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v;
142 req.session.u = r.u.u_id; 142 req.session.u = r.u.u_id;
143 req.session.b = clipperz_random(); 143 req.session.b = clipperz_random();
144 req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16); 144 req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16);
145 var rv = {s:req.session.s,B:req.session.B} 145 var rv = {s:req.session.s,B:req.session.B}
146 if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref; 146 if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref;
147 res.res(rv); 147 res.res(rv);
148 }); 148 });
149 149
150 case 'credentialCheck': 150 case 'credentialCheck':
151 var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10)); 151 var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10));
152 var A = BIGNUM(req.session.A,16); 152 var A = BIGNUM(req.session.A,16);
153 var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm( 153 var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm(
154 BIGNUM(req.session.b,16), srp_n); 154 BIGNUM(req.session.b,16), srp_n);
155 var K = clipperz_hash(S.toString(10)); 155 var K = clipperz_hash(S.toString(10));
156 var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16)); 156 var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16));
157 if(M1!=ppp.M1) return res.res({error:'?'}); 157 if(M1!=ppp.M1) return res.res({error:'?'});
158 req.session.K = K; 158 req.session.K = K;
159 var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16)); 159 var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16));
160 return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeededd:false,lock:'----'}); 160 return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'});
161 161
162 case 'oneTimePassword': return PG.Q( 162 case 'oneTimePassword': return PG.Q(
163 "UPDATE clipperz.theotp AS otp" 163 "UPDATE clipperz.theotp AS otp"
164 +" SET" 164 +" SET"
165 +" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE (" 165 +" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE ("
166 +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE" 166 +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE"
167 +" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'" 167 +" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'"
168 +" ELSE 'DISABLED' END" 168 +" ELSE 'DISABLED' END"
169 +" ) END," 169 +" ) END,"
170 +" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END," 170 +" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END,"
171 +" otp_utime = current_timestamp," 171 +" otp_utime = current_timestamp,"
172 +" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END" 172 +" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END"
173 +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" 173 +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
174 +" WHERE" 174 +" WHERE"
175 +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1" 175 +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1"
176 +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version", 176 +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version",
177 [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ], 177 [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ],
178 function(e,r) { 178 function(e,r) {
179 if(e) return cb(e); 179 if(e) return cb(e);
180 if(!r.rowCount) return cb(new Error('OTP not found')); 180 if(!r.rowCount) return cb(new Error('OTP not found'));
181 r=r.rows[0]; 181 r=r.rows[0];
182 if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum) 182 if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum)
183 return cb(new Error('OTP was disabled because of checksum mismatch')); 183 return cb(new Error('OTP was disabled because of checksum mismatch'));
184 if(r.otps_code!='ACTIVE') 184 if(r.otps_code!='ACTIVE')
185 return cb(new Error("OTP wasn't active, sorry")); 185 return cb(new Error("OTP wasn't active, sorry"));
186 req.session.u=r.u_id; req.session.otp=r.otp_id; 186 req.session.u=r.u_id; req.session.otp=r.otp_id;
187 res.res({data:r.otp_data,version:r.otp_version}); 187 res.res({data:r.otp_data,version:r.otp_version});
188 }); 188 });
189 } 189 }
190 break; 190 break;
191 191
192 case 'message': 192 case 'message':
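Review bot: The `credentialCheck` branch computes `S` from `req.session.A` with no visible check that A is non-zero modulo `srp_n`; the handshake callback earlier in this hunk stores `ppp.A` in the session exactly as received. SRP requires the server to abort when A mod N is 0, because S then collapses to 0 whatever the stored verifier is, and a matching M1 no longer proves knowledge of the password. Unless that validation already happens before line 128, outside this hunk, add a guard right after `var A = BIGNUM(req.session.A,16);`, for example `if(A.mod(srp_n).eq(0)) return res.res({error:'?'});` (assuming BIGNUM exposes `mod`/`eq`). The `M1!=ppp.M1` test a few lines above the corrected `offlineCopyNeeded` response is also a loose, early-exit comparison on a client-supplied value; a type check on `ppp.M1` followed by a constant-time compare would be safer. The enclosing switch starts and ends outside the hunk.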